SQL: OIDC and access management

[kbatuigas]

Description

This pull request introduces comprehensive documentation for Redpanda SQL's user and access management features, including new reference pages for user lifecycle statements and privilege management, as well as a guide for connecting with OpenID Connect (OIDC). It also updates the navigation to surface these new topics and ensure users can easily find information about authentication and authorization.

New user and access management documentation:

• Added reference pages for the CREATE USER, ALTER USER, and DROP USER SQL statements, detailing syntax, usage, and examples for managing Redpanda SQL users. [1] [2] [3]
• Added reference pages for the GRANT and REVOKE SQL statements, covering privilege assignment and removal on various database objects, including external sources and schemas. [1] [2]

OIDC authentication documentation:

• Added a new how-to guide, connect-with-oidc.adoc, describing how to authenticate to Redpanda SQL using OIDC bearer tokens or client credentials, with step-by-step instructions and code examples for multiple clients.

Navigation and discoverability improvements:

• Updated nav.adoc to include links to the new OIDC connection guide, user management, and privilege management topics, making these features easier to find in the documentation. [1] [2]

Resolves https://github.com/redpanda-data/documentation-private/issues/
Review deadline: 21 May

Page previews

Redpanda SQL > Connect to RP SQL > Connect to RP SQL with OIDC
Redpanda SQL > Manage RP SQL > Manage Access
Reference > Redpanda SQL Reference > Statements > CREATE USER
Reference > Redpanda SQL Reference > Statements > ALTER USER
Reference > Redpanda SQL Reference > Statements > DROP USER
Reference > Redpanda SQL Reference > Statements > GRANT
Reference > Redpanda SQL Reference > Statements > REVOKE

Checks

• New feature
• Content gap
• Support Follow-up
• Small fix (typos, links, copyedits, etc)

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	ccb45aa
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/6a0d2fe33022030008a5a8ba
😎 Deploy Preview	https://deploy-preview-580--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4d3cf36b-fcdd-49ef-89b1-b9fb34a09ff8

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DOC-1999-document-feature-oxla-oidc-authn-support

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[paulzhang97]

missing -c. 'auth_method=bearer' should be '-c auth_method=bearer'

[paulzhang97]

'auth_method=client_secret' should be '-c auth_method=client_secret'

[paulzhang97]

We don't expose oidc.require_tls to customers. We should remove the bullet.

[kbatuigas]

For SME: please confirm if this is correct and relevant